[html5] r6708 - [e] (0) xrefs for DOM Parsing Fixing http://www.w3.org/Bugs/Public/show_bug.cgi? [...]
whatwg at whatwg.org
whatwg at whatwg.org
Wed Oct 19 16:11:40 PDT 2011
Author: ianh
Date: 2011-10-19 16:11:38 -0700 (Wed, 19 Oct 2011)
New Revision: 6708
Modified:
complete.html
index
source
Log:
[e] (0) xrefs for DOM Parsing
Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=14151
Modified: complete.html
===================================================================
--- complete.html 2011-10-19 23:05:39 UTC (rev 6707)
+++ complete.html 2011-10-19 23:11:38 UTC (rev 6708)
@@ -3888,7 +3888,17 @@
<li><dfn id=event-click title=event-click><code>click</code></dfn> event</li>
- </ul><!--
+ </ul><p>In addition, user agents must implement the features defined in
+ the DOM Range, DOM Parsing and Serialization specification, HTML
+ Editing APIs, and UndoManager and DOM Transaction specifications
+ that apply to their conformance class.
+ <a href=#refsDOMRANGE>[DOMRANGE]</a>
+ <a href=#refsDOMPARSING>[DOMPARSING]</a>
+ <a href=#refsEDITING>[EDITING]</a>
+ <a href=#refsUNDO>[UNDO]</a>
+ </p>
+
+<!--
<p>The following features are defined in the DOM
Range specification: <a href="#refsDOMRANGE">[DOMRANGE]</a></p>
@@ -3908,18 +3918,15 @@
<li><dfn title="dom-Range-startOffset"><code>startOffset</code></dfn> attribute </li>
</ul>
---><p>In addition, user agents must implement the features defined in
- the DOM Range, DOM Parsing and Serialization, HTML Editing APIs,
- and UndoManager and DOM Transaction specifications that apply to
- their conformance class.
- <a href=#refsDOMRANGE>[DOMRANGE]</a>
- <a href=#refsDOMPARSING>[DOMPARSING]</a>
- <a href=#refsEDITING>[EDITING]</a>
- <a href=#refsUNDO>[UNDO]</a>
- </p>
+-->
- </dd>
+ <p>The following features are defined in the DOM Parsing and
+ Serialization specification: <a href=#refsDOMPARSING>[DOMPARSING]</a></p>
+ <ul class=brief><li><dfn id=dom-innerhtml title=dom-innerHTML>innerHTML</dfn></li>
+ <li><dfn id=dom-outerhtml title=dom-outerHTML>outerHTML</dfn></li>
+ </ul></dd>
+
<dt>File API</dt>
<dd>
@@ -16121,7 +16128,7 @@
<p class=note>When inserted using the <code title=dom-document-write><a href=#dom-document-write>document.write()</a></code> method,
<code><a href=#the-script-element>script</a></code> elements execute (typically synchronously), but
- when inserted using <code title=dom-innerHTML>innerHTML</code> and <code title=dom-outerHTML>outerHTML</code> attributes, they do not
+ when inserted using <code title=dom-innerHTML><a href=#dom-innerhtml>innerHTML</a></code> and <code title=dom-outerHTML><a href=#dom-outerhtml>outerHTML</a></code> attributes, they do not
execute at all.</p>
<div class=example>
@@ -16501,7 +16508,7 @@
<a href=#text-node>text node</a> children of the <code><a href=#the-noscript-element>noscript</a></code>
element.</li>
- <li>Set the <code title=dom-innerHTML>innerHTML</code>
+ <li>Set the <code title=dom-innerHTML><a href=#dom-innerhtml>innerHTML</a></code>
attribute of the <var title="">parent element</var> to the value
of <var title="">s</var>. (This, as a side-effect, causes the
<code><a href=#the-noscript-element>noscript</a></code> element to be removed from the
@@ -51313,7 +51320,7 @@
outer form "a".</p>
<p>This happens as follows: First, the "e" node gets associated
- with "c" in the <a href=#html-parser>HTML parser</a>. Then, the <code title=dom-innerHTML>innerHTML</code> algorithm moves the nodes
+ with "c" in the <a href=#html-parser>HTML parser</a>. Then, the <code title=dom-innerHTML><a href=#dom-innerhtml>innerHTML</a></code> algorithm moves the nodes
from the temporary document to the "b" element. At this point, the
nodes see their ancestor chain change, and thus all the "magic"
associations done by the parser are reset to normal ancestor
@@ -92040,11 +92047,11 @@
<p>This can enable cross-site scripting attacks. An example of this
would be a page that lets the user enter some font names that are
then inserted into a CSS <code><a href=#the-style-element>style</a></code> block via the DOM and
- which then uses the <code title=dom-innerHTML>innerHTML</code>
+ which then uses the <code title=dom-innerHTML><a href=#dom-innerhtml>innerHTML</a></code>
IDL attribute to get the HTML serialization of that
<code><a href=#the-style-element>style</a></code> element: if the user enters
"<code></style><script>attack</script></code>" as a font
- name, <code title=dom-innerHTML>innerHTML</code> will return
+ name, <code title=dom-innerHTML><a href=#dom-innerhtml>innerHTML</a></code> will return
markup that, if parsed in a different context, would contain a
<code><a href=#the-script-element>script</a></code> node, even though no <code><a href=#the-script-element>script</a></code> node
existed in the original DOM.</p>
Modified: index
===================================================================
--- index 2011-10-19 23:05:39 UTC (rev 6707)
+++ index 2011-10-19 23:11:38 UTC (rev 6708)
@@ -3888,7 +3888,17 @@
<li><dfn id=event-click title=event-click><code>click</code></dfn> event</li>
- </ul><!--
+ </ul><p>In addition, user agents must implement the features defined in
+ the DOM Range, DOM Parsing and Serialization specification, HTML
+ Editing APIs, and UndoManager and DOM Transaction specifications
+ that apply to their conformance class.
+ <a href=#refsDOMRANGE>[DOMRANGE]</a>
+ <a href=#refsDOMPARSING>[DOMPARSING]</a>
+ <a href=#refsEDITING>[EDITING]</a>
+ <a href=#refsUNDO>[UNDO]</a>
+ </p>
+
+<!--
<p>The following features are defined in the DOM
Range specification: <a href="#refsDOMRANGE">[DOMRANGE]</a></p>
@@ -3908,18 +3918,15 @@
<li><dfn title="dom-Range-startOffset"><code>startOffset</code></dfn> attribute </li>
</ul>
---><p>In addition, user agents must implement the features defined in
- the DOM Range, DOM Parsing and Serialization, HTML Editing APIs,
- and UndoManager and DOM Transaction specifications that apply to
- their conformance class.
- <a href=#refsDOMRANGE>[DOMRANGE]</a>
- <a href=#refsDOMPARSING>[DOMPARSING]</a>
- <a href=#refsEDITING>[EDITING]</a>
- <a href=#refsUNDO>[UNDO]</a>
- </p>
+-->
- </dd>
+ <p>The following features are defined in the DOM Parsing and
+ Serialization specification: <a href=#refsDOMPARSING>[DOMPARSING]</a></p>
+ <ul class=brief><li><dfn id=dom-innerhtml title=dom-innerHTML>innerHTML</dfn></li>
+ <li><dfn id=dom-outerhtml title=dom-outerHTML>outerHTML</dfn></li>
+ </ul></dd>
+
<dt>File API</dt>
<dd>
@@ -16121,7 +16128,7 @@
<p class=note>When inserted using the <code title=dom-document-write><a href=#dom-document-write>document.write()</a></code> method,
<code><a href=#the-script-element>script</a></code> elements execute (typically synchronously), but
- when inserted using <code title=dom-innerHTML>innerHTML</code> and <code title=dom-outerHTML>outerHTML</code> attributes, they do not
+ when inserted using <code title=dom-innerHTML><a href=#dom-innerhtml>innerHTML</a></code> and <code title=dom-outerHTML><a href=#dom-outerhtml>outerHTML</a></code> attributes, they do not
execute at all.</p>
<div class=example>
@@ -16501,7 +16508,7 @@
<a href=#text-node>text node</a> children of the <code><a href=#the-noscript-element>noscript</a></code>
element.</li>
- <li>Set the <code title=dom-innerHTML>innerHTML</code>
+ <li>Set the <code title=dom-innerHTML><a href=#dom-innerhtml>innerHTML</a></code>
attribute of the <var title="">parent element</var> to the value
of <var title="">s</var>. (This, as a side-effect, causes the
<code><a href=#the-noscript-element>noscript</a></code> element to be removed from the
@@ -51313,7 +51320,7 @@
outer form "a".</p>
<p>This happens as follows: First, the "e" node gets associated
- with "c" in the <a href=#html-parser>HTML parser</a>. Then, the <code title=dom-innerHTML>innerHTML</code> algorithm moves the nodes
+ with "c" in the <a href=#html-parser>HTML parser</a>. Then, the <code title=dom-innerHTML><a href=#dom-innerhtml>innerHTML</a></code> algorithm moves the nodes
from the temporary document to the "b" element. At this point, the
nodes see their ancestor chain change, and thus all the "magic"
associations done by the parser are reset to normal ancestor
@@ -92040,11 +92047,11 @@
<p>This can enable cross-site scripting attacks. An example of this
would be a page that lets the user enter some font names that are
then inserted into a CSS <code><a href=#the-style-element>style</a></code> block via the DOM and
- which then uses the <code title=dom-innerHTML>innerHTML</code>
+ which then uses the <code title=dom-innerHTML><a href=#dom-innerhtml>innerHTML</a></code>
IDL attribute to get the HTML serialization of that
<code><a href=#the-style-element>style</a></code> element: if the user enters
"<code></style><script>attack</script></code>" as a font
- name, <code title=dom-innerHTML>innerHTML</code> will return
+ name, <code title=dom-innerHTML><a href=#dom-innerhtml>innerHTML</a></code> will return
markup that, if parsed in a different context, would contain a
<code><a href=#the-script-element>script</a></code> node, even though no <code><a href=#the-script-element>script</a></code> node
existed in the original DOM.</p>
Modified: source
===================================================================
--- source 2011-10-19 23:05:39 UTC (rev 6707)
+++ source 2011-10-19 23:11:38 UTC (rev 6708)
@@ -2814,6 +2814,16 @@
</ul>
+ <p>In addition, user agents must implement the features defined in
+ the DOM Range, DOM Parsing and Serialization specification, HTML
+ Editing APIs, and UndoManager and DOM Transaction specifications
+ that apply to their conformance class.
+ <a href="#refsDOMRANGE">[DOMRANGE]</a>
+ <a href="#refsDOMPARSING">[DOMPARSING]</a>
+ <a href="#refsEDITING">[EDITING]</a>
+ <a href="#refsUNDO">[UNDO]</a>
+ </p>
+
<!--END w3c-html--><!--
<p>The following features are defined in the DOM
Range specification: <a href="#refsDOMRANGE">[DOMRANGE]</a></p>
@@ -2836,16 +2846,15 @@
</ul>
--><!--START w3c-html-->
- <p>In addition, user agents must implement the features defined in
- the DOM Range, DOM Parsing and Serialization, HTML Editing APIs,
- and UndoManager and DOM Transaction specifications that apply to
- their conformance class.
- <a href="#refsDOMRANGE">[DOMRANGE]</a>
- <a href="#refsDOMPARSING">[DOMPARSING]</a>
- <a href="#refsEDITING">[EDITING]</a>
- <a href="#refsUNDO">[UNDO]</a>
- </p>
+ <p>The following features are defined in the DOM Parsing and
+ Serialization specification: <a
+ href="#refsDOMPARSING">[DOMPARSING]</a></p>
+ <ul class="brief">
+ <li><dfn title="dom-innerHTML">innerHTML</dfn></li>
+ <li><dfn title="dom-outerHTML">outerHTML</dfn></li>
+ </ul>
+
</dd>
<dt>File API</dt>
More information about the Commit-Watchers
mailing list